From: gbateson Date: Sat, 7 Oct 2006 08:59:59 +0000 (+0000) Subject: added PARAM types for all calls to "optional_param()" and "required_param()" X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=fb414b62e58681b98eaf5feb81aa700e92df5b5f;p=moodle.git added PARAM types for all calls to "optional_param()" and "required_param()" --- diff --git a/mod/hotpot/attempt.php b/mod/hotpot/attempt.php index 68c612c8f0..6d55baf32c 100644 --- a/mod/hotpot/attempt.php +++ b/mod/hotpot/attempt.php @@ -2,7 +2,7 @@ require_once("../../config.php"); require_once("lib.php"); - $attemptid = required_param("attemptid"); + $attemptid = required_param('attemptid', PARAM_INT); // get attempt, hotpot, course and course_module records if (! $attempt = get_record("hotpot_attempts", "id", $attemptid)) { diff --git a/mod/hotpot/index.php b/mod/hotpot/index.php index 9dabc47034..1563381820 100644 --- a/mod/hotpot/index.php +++ b/mod/hotpot/index.php @@ -6,15 +6,16 @@ require_once("../../course/lib.php"); require_once("lib.php"); - $id = required_param("id"); // course - $coursecontext = get_context_instance(CONTEXT_COURSE, $id); - + $id = required_param('id', PARAM_INT); // course if (! $course = get_record("course", "id", $id)) { error("Course ID is incorrect"); } require_login($course->id); + $coursecontext = get_context_instance(CONTEXT_COURSE, $id); + $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); + add_to_log($course->id, "hotpot", "view all", "index.php?id=$course->id", ""); // Moodle 1.4+ requires sesskey to be passed in forms @@ -44,7 +45,7 @@ $next_url = "$CFG->wwwroot/course/view.php?id=$course->id"; // get display section, if any - $section = optional_param('section', 0); + $section = optional_param('section', 0, PARAM_INT); if ($section) { $displaysection = course_set_display($course->id, $section); } else { @@ -55,60 +56,59 @@ } } - // Get all instances of this module - if (!$hotpots = hotpot_get_all_instances_in_course("hotpot", $course)) { - $hotpots = array(); - } - - // if necessary, remove hotpots that are not in section0 or this $USER's display section - if ($displaysection) { - foreach ($hotpots as $coursemodule=>$hotpot) { - if ($hotpot->section!=0 && $hotpot->section!=$displaysection) { - unset($hotpots[$coursemodule]); - } + // Get all hotpot instances in this course + $hotpots = array(); + if ($hotpot_instances = hotpot_get_all_instances_in_course('hotpot', $course)) { + foreach ($hotpot_instances as $hotpot_instance) { + if ($displaysection>0 && $hotpot_instance->section>0 && $displaysection<>$hotpot_instance->section) { + // do nothing (user is not diplaying this section) + } else { + $hotpots[$hotpot_instance->id] = $hotpot_instance; + } } } - if (empty($hotpots)) { notice("There are no $strmodulenameplural", $next_url); exit; } + $hotpotids = implode(',', array_keys($hotpots)); - // get list of hotpot ids - $hotpotids = array(); - foreach ($hotpots as $cmid=>$hotpot) { - $hotpotids[] = $hotpot->id; - } - $hotpotids = implode(',', $hotpotids); - - if (has_capability('mod/hotpot:grade', get_context_instance(CONTEXT_SYSTEM, SITEID))) { + if (has_capability('mod/hotpot:grade', $sitecontext)) { - // get regrade settings, if any - $regrade = optional_param("regrade"); - $confirm = optional_param("confirm"); + // array of hotpots to be regraded + $regrade_hotpots = array(); - // check regrade is valid - unset($regrade_cmid); - if (isset($regrade)) { - foreach ($hotpots as $cmid=>$hotpot) { - $found = false; - if ($hotpot->id==$regrade) { - $regrade_cmid = $cmid; + // do we need to regrade any or all of the hotpots? + $regrade = optional_param('regrade', 0, PARAM_SEQUENCE); + if ($regrade) { + // add valid hotpot ids to the regrade array + $regrade = explode(',', $regrade); + foreach ($regrade as $id) { + if (isset($hotpots[$id])) { + $regrade_hotpots[$id] = &$hotpots[$id]; } } + $regrade = implode(',', array_keys($regrade_hotpots)); } + if ($regrade) { - // regrade, if necessary - if (isset($regrade_cmid)) { - - if (empty($confirm)) { - - $strregradecheck = get_string('regradecheck', 'hotpot', $hotpots[$regrade_cmid]->name); + $confirm = optional_param('confirm', 0, PARAM_BOOL); + if (!$confirm) { print_simple_box_start("center", "60%", "#FFAAAA", 20, "noticebox"); - print_heading($strregradecheck); + + if (count($regrade_hotpots)==1) { + print_heading(get_string('regradecheck', 'hotpot', $regrade_hotpots[$regrade]->name)); + } else { + print_heading(get_string('regradecheck', 'hotpot', '')); + print ''; + } print '' - . '
' + . '
' . '
' . '' . '' @@ -122,104 +122,89 @@ . $sesskey . '' . '
' - . '
' + . '
' ; + print_simple_box_end(); print_footer($course); exit; } else { // regrade has been confirmed, so proceed - if ($regrade=='all') { - $select = "hotpot IN ($hotpotids)"; - } else { - $select = "hotpot=$regrade"; - } - - $questionids = array(); - if ($questions = get_records_select("hotpot_questions", $select)) { - $questionids = array_keys($questions); - } - $questionids = implode(',', $questionids); - - if ($questionids) { - hotpot_delete_and_notify('hotpot_questions', "id IN ($questionids)", get_string('question', 'quiz')); - hotpot_delete_and_notify('hotpot_responses', "question IN ($questionids)", get_string('answer', 'quiz')); - } + // start hotpot counter and timer + $hotpotstart = microtime(); + $hotpotcount = 0; - if ($attempts = get_records_select('hotpot_attempts', $select)) { + // regrade attempts for these hotpots + foreach ($regrade_hotpots as $hotpot) { + notify("$hotpot->name"); - // start counter and timer - $start = microtime(); - $count = 0; - - // use while loop instead of foreach loop - // to allow the possibility of splitting a regrade - // and so avoid "maximum script time exceeded" errors - $attemptids = array_keys($attempts); - $i_max = count($attemptids); - $i = 0; - while ($i<$i_max) { - - $attemptid = $attemptids[$i]; - $attempt =&$attempts[$attemptid]; - - $attempt->details = get_field('hotpot_details', 'details', 'attempt', $attemptid); - if ($attempt->details) { + // delete questions and responses for this hotpot + if ($records = get_records_select('hotpot_questions', "hotpot=$hotpot->id", '', 'id,hotpot')) { + $questionids = implode(',', array_keys($records)); + hotpot_delete_and_notify('hotpot_questions', "id IN ($questionids)", get_string('question', 'quiz')); + hotpot_delete_and_notify('hotpot_responses', "question IN ($questionids)", get_string('answer', 'quiz')); + } - hotpot_add_attempt_details($attempt); - if (! update_record('hotpot_attempts', $attempt)) { - error("Could not update attempt record: ".$db->ErrorMsg(), $next_url); + // start attempt counter and timer + $attemptstart = microtime(); + $attemptcount = 0; + + // regrade attempts, if any, for this hotpot + if ($attempts = get_records_select('hotpot_attempts', "hotpot=$hotpot->id")) { + foreach ($attempts as $attempt) { + $attempt->details = get_field('hotpot_details', 'details', 'attempt', $attempt->id); + if ($attempt->details) { + hotpot_add_attempt_details($attempt); + if (! update_record('hotpot_attempts', $attempt)) { + error("Could not update attempt record: ".$db->ErrorMsg(), $next_url); + } } + $attemptcount++; } - $count++; - $i++; } - if ($count) { - notify(get_string('added', 'moodle', "$count x ".get_string('attempts', 'quiz'))); + if ($attemptcount) { + $msg = get_string('added', 'moodle', "$attemptcount x ".get_string('attempts', 'quiz')); + if (!empty($CFG->hotpot_showtimes)) { + $msg .= ' ('.format_time(sprintf("%0.2f", microtime_diff($attemptstart, microtime()))).')'; + } + notify($msg); } - $msg = get_string('regradecomplete', 'quiz'); + $hotpotcount++; + } // end foreach $hotpots + if ($hotpotcount) { + $msg = get_string('regrade', 'quiz').": $hotpotcount x ".get_string('modulenameplural', 'hotpot'); if (!empty($CFG->hotpot_showtimes)) { - $duration = format_time(sprintf("%0.2f", microtime_diff($start, microtime()))); - $msg .= " ($duration)"; + $msg .= ' ('.format_time(sprintf("%0.2f", microtime_diff($hotpotstart, microtime()))).')'; } notify($msg); } - } + notify(get_string('regradecomplete', 'quiz')); + } // end if $confirm } // end regrade - //print '
'; - //print ''; - //print ''; - //print '
'."\n"; - - // get duplicate hotpot-name questions // - JMatch LHS is longer than 255 bytes // - JQuiz question text is longer than 255 bytes - // - other unidentified situations ?!? + // - other unidentified situations ?! - $field = ''; - $questions = false; - $regradehotpots = array(); - - $field = sql_concat('hotpot', "'_'", 'name'); - - if ($field) { - $questions = get_records_sql(" - SELECT $field, COUNT(*), hotpot, name + $regrade_hotpots = array(); + $concat_field = sql_concat('hotpot', "'_'", 'name'); + if ($concat_field) { + $records = get_records_sql(" + SELECT $concat_field, COUNT(*), hotpot, name FROM {$CFG->prefix}hotpot_questions WHERE hotpot IN ($hotpotids) GROUP BY hotpot, name HAVING COUNT(*) >1 "); - } - if ($questions) { - foreach ($questions as $question) { - $regradehotpots[] = $question->hotpot; + if ($records) { + foreach ($records as $record) { + $regrade_hotpots[$record->hotpot] = 1; + } + ksort($regrade_hotpots); + $regrade_hotpots = array_keys($regrade_hotpots); } - $regradehotpots = array_unique($regradehotpots); - sort($regradehotpots); } } @@ -252,7 +237,7 @@ // so this operation could be done after getting the $totals from the attempts table } $totals = get_records_sql("SELECT $fields FROM $tables WHERE $select GROUP BY a.hotpot"); -//remove i here ihas_capability + if (has_capability('mod/hotpot:grade', get_context_instance(CONTEXT_SYSTEM, SITEID)) && empty($usejoin)) { foreach ($hotpots as $hotpot) { $totals[$hotpot->id]->detailcount = 0; @@ -364,8 +349,8 @@ } } - if (has_capability('mod/hotpot:grade', get_context_instance(CONTEXT_SYSTEM, SITEID))) { - if (in_array($hotpot->id, $regradehotpots)) { + if (has_capability('mod/hotpot:grade', $sitecontext)) { + if (in_array($hotpot->id, $regrade_hotpots)) { $report .= ' '.$strregraderequired.''; } } @@ -389,7 +374,7 @@ array_push($data, $quizname, $quizclose, $bestscore, $report); - if (has_capability('mod/hotpot:grade', get_context_instance(CONTEXT_SYSTEM, SITEID))) { + if (has_capability('mod/hotpot:grade', $sitecontext)) { if (empty($totals[$hotpot->id]->detailcount)) { // no details records for this hotpot, so disable regrade $regradebutton = ' '; diff --git a/mod/hotpot/report.php b/mod/hotpot/report.php index f7d457b98d..4aa3644cd2 100644 --- a/mod/hotpot/report.php +++ b/mod/hotpot/report.php @@ -5,8 +5,8 @@ require_once("../../config.php"); require_once("lib.php"); - $id = optional_param("id"); // Course Module ID, or - $hp = optional_param("hp"); // hotpot ID + $id = optional_param('id', 0, PARAM_INT); // Course Module ID, or + $hp = optional_param('hp', 0, PARAM_INT); // hotpot ID if ($id) { if (! $cm = get_coursemodule_from_id('hotpot', $id)) { @@ -42,7 +42,7 @@ // get report mode if (has_capability('mod/hotpot:viewreport',$modulecontext)) { - $mode = optional_param('mode', 'overview'); + $mode = optional_param('mode', 'overview', PARAM_ALPHA); } else { // ordinary students have no choice $mode = 'overview'; @@ -51,12 +51,12 @@ // assemble array of form data $formdata = array( 'mode' => $mode, - 'reportusers' => has_capability('mod/hotpot:viewreport',$modulecontext) ? optional_param('reportusers', get_user_preferences('hotpot_reportusers', 'allusers')) : 'this', - 'reportattempts' => optional_param('reportattempts', get_user_preferences('hotpot_reportattempts', 'all')), - 'reportformat' => optional_param('reportformat', 'htm'), - 'reportshowlegend' => optional_param('reportshowlegend', get_user_preferences('hotpot_reportshowlegend', '0')), - 'reportencoding' => optional_param('reportencoding', get_user_preferences('hotpot_reportencoding', '')), - 'reportwrapdata' => optional_param('reportwrapdata', get_user_preferences('hotpot_reportwrapdata', '1')), + 'reportusers' => has_capability('mod/hotpot:viewreport',$modulecontext) ? optional_param('reportusers', get_user_preferences('hotpot_reportusers', 'allusers'), PARAM_ALPHA) : 'this', + 'reportattempts' => optional_param('reportattempts', get_user_preferences('hotpot_reportattempts', 'all'), PARAM_ALPHA), + 'reportformat' => optional_param('reportformat', 'htm', PARAM_ALPHA), + 'reportshowlegend' => optional_param('reportshowlegend', get_user_preferences('hotpot_reportshowlegend', '0'), PARAM_INT), + 'reportencoding' => optional_param('reportencoding', get_user_preferences('hotpot_reportencoding', ''), PARAM_ALPHANUM), + 'reportwrapdata' => optional_param('reportwrapdata', get_user_preferences('hotpot_reportwrapdata', '1'), PARAM_INT), ); foreach ($formdata as $name=>$value) { @@ -77,7 +77,7 @@ // delete selected attempts, if any if (has_capability('mod/hotpot:deleteattempt',$modulecontext)) { - $del = optional_param("del", ""); + $del = optional_param('del', '', PARAM_ALPHA); hotpot_delete_selected_attempts($hotpot, $del); } @@ -293,8 +293,6 @@ /// Open the selected hotpot report and display it - $mode = clean_param($mode, PARAM_SAFEDIR); - if (! is_readable("report/$mode/report.php")) { error("Report not known (".clean_text($mode).")", $course_homeurl); } diff --git a/mod/hotpot/review.php b/mod/hotpot/review.php index eda0243217..ad0172a665 100644 --- a/mod/hotpot/review.php +++ b/mod/hotpot/review.php @@ -2,9 +2,11 @@ // This page prints a review of a particular quiz attempt require_once("../../config.php"); require_once("lib.php"); - $id = optional_param("id"); // Course Module ID, or - $hp = optional_param("hp"); // hotpot ID - $attempt = required_param("attempt"); // A particular attempt ID for review + + $id = optional_param('id', 0, PARAM_INT); // Course Module ID, or + $hp = optional_param('hp', 0, PARAM_INT); // hotpot ID + $attempt = required_param('attempt', PARAM_INT); // A particular attempt ID for review + if ($id) { if (! $cm = get_coursemodule_from_id('hotpot', $id)) { error("Course Module ID was incorrect"); @@ -60,7 +62,7 @@ print_heading($hotpot->name); hotpot_print_attempt_summary($hotpot, $attempt); hotpot_print_review_buttons($course, $hotpot, $attempt, $context); - $action = has_capability('mod/hotpot:viewreport',$context) ? optional_param('action') : ''; + $action = has_capability('mod/hotpot:viewreport',$context) ? optional_param('action', '', PARAM_ALPHA) : ''; if ($action) { $xml = get_field('hotpot_details', 'details', 'attempt', $attempt->id); print '
'; diff --git a/mod/hotpot/view.php b/mod/hotpot/view.php index af1a0d31fd..b65ce8dd49 100644 --- a/mod/hotpot/view.php +++ b/mod/hotpot/view.php @@ -8,8 +8,8 @@ require_once("../../config.php"); require_once("lib.php"); - $id = optional_param("id"); // Course Module ID, or - $hp = optional_param("hp"); // hotpot ID + $id = optional_param('id', 0, PARAM_INT); // Course Module ID, or + $hp = optional_param('hp', 0, PARAM_INT); // hotpot ID if ($id) { if (! $cm = get_coursemodule_from_id('hotpot', $id)) { @@ -50,7 +50,7 @@ $button = update_module_button($cm->id, $course->id, get_string("modulename", "hotpot").'" style="font-size:0.75em;'); $loggedinas = ''.user_login_string($course, $USER).''; $time = time(); - $hppassword = optional_param('hppassword'); + $hppassword = optional_param('hppassword', ''); if (HOTPOT_FIRST_ATTEMPT && !has_capability('mod/hotpot:grade', $context)) { // check this quiz is available to this student // error message, if quiz is unavailable @@ -116,9 +116,9 @@ if(!$hp = new hotpot_xml_quiz($hotpot)) { error("Quiz is unavailable at the moment"); } - $get_js = optional_param('js'); - $get_css = optional_param('css'); - $framename = optional_param('framename'); + $get_js = optional_param('js', '', PARAM_ALPHA); + $get_css = optional_param('css', '', PARAM_ALPHA); + $framename = optional_param('framename', '', PARAM_ALPHA); // look for (HP5 v5) $frameset = ''; $frameset_tags = '';